OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net/tipc
History
Xin Long 2ac695d1d6 tipc: handle the err returned from cmd header function 
Syzbot found a crash:

  BUG: KMSAN: uninit-value in tipc_nl_compat_name_table_dump+0x54f/0xcd0 net/tipc/netlink_compat.c:872
  Call Trace:
    tipc_nl_compat_name_table_dump+0x54f/0xcd0 net/tipc/netlink_compat.c:872
    __tipc_nl_compat_dumpit+0x59e/0xda0 net/tipc/netlink_compat.c:215
    tipc_nl_compat_dumpit+0x63a/0x820 net/tipc/netlink_compat.c:280
    tipc_nl_compat_handle net/tipc/netlink_compat.c:1226 [inline]
    tipc_nl_compat_recv+0x1b5f/0x2750 net/tipc/netlink_compat.c:1265
    genl_family_rcv_msg net/netlink/genetlink.c:601 [inline]
    genl_rcv_msg+0x185f/0x1a60 net/netlink/genetlink.c:626
    netlink_rcv_skb+0x431/0x620 net/netlink/af_netlink.c:2477
    genl_rcv+0x63/0x80 net/netlink/genetlink.c:637
    netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline]
    netlink_unicast+0xf3e/0x1020 net/netlink/af_netlink.c:1336
    netlink_sendmsg+0x127f/0x1300 net/netlink/af_netlink.c:1917
    sock_sendmsg_nosec net/socket.c:622 [inline]
    sock_sendmsg net/socket.c:632 [inline]

  Uninit was created at:
    __alloc_skb+0x309/0xa20 net/core/skbuff.c:208
    alloc_skb include/linux/skbuff.h:1012 [inline]
    netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline]
    netlink_sendmsg+0xb82/0x1300 net/netlink/af_netlink.c:1892
    sock_sendmsg_nosec net/socket.c:622 [inline]
    sock_sendmsg net/socket.c:632 [inline]

It was supposed to be fixed on commit 974cb0e3e7 ("tipc: fix uninit-value
in tipc_nl_compat_name_table_dump") by checking TLV_GET_DATA_LEN(msg->req)
in cmd->header()/tipc_nl_compat_name_table_dump_header(), which is called
ahead of tipc_nl_compat_name_table_dump().

However, tipc_nl_compat_dumpit() doesn't handle the error returned from cmd
header function. It means even when the check added in that fix fails, it
won't stop calling tipc_nl_compat_name_table_dump(), and the issue will be
triggered again.

So this patch is to add the process for the err returned from cmd header
function in tipc_nl_compat_dumpit().

Reported-by: syzbot+3ce8520484b0d4e260a5@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2019-03-31 16:45:57 -07:00
..
Kconfig
Makefile tipc: enable tracepoints in tipc 2018-12-19 11:49:24 -08:00
addr.c
addr.h
bcast.c
bcast.h
bearer.c tipc: fix a double free in tipc_enable_bearer() 2018-12-27 16:16:17 -08:00
bearer.h tipc: enable tracepoints in tipc 2018-12-19 11:49:24 -08:00
core.c
core.h
diag.c
discover.c tipc: fix lockdep warning when reinitilaizing sockets 2018-11-17 22:01:31 -08:00
discover.h
eth_media.c
group.c net: tipc: fix a missing check of nla_nest_start 2019-03-16 12:09:05 -07:00
group.h
ib_media.c
link.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-02-15 12:38:38 -08:00
link.h tipc: add trace_events for tipc link 2018-12-19 11:49:24 -08:00
monitor.c
monitor.h
msg.c
msg.h tipc: fix link session and re-establish issues 2019-02-11 21:26:20 -08:00
name_distr.c
name_distr.h
name_table.c
name_table.h
net.c tipc: change to check tipc_own_id to return in tipc_net_stop 2019-03-26 11:21:20 -07:00
net.h tipc: fix lockdep warning when reinitilaizing sockets 2018-11-17 22:01:31 -08:00
netlink.c
netlink.h
netlink_compat.c tipc: handle the err returned from cmd header function 2019-03-31 16:45:57 -07:00
node.c tipc: tipc clang warning 2019-03-23 21:45:59 -04:00
node.h tipc: enable tracepoints in tipc 2018-12-19 11:49:24 -08:00
socket.c tipc: allow service ranges to be connect()'ed on RDM/DGRAM 2019-03-17 21:32:11 -07:00
socket.h tipc: add trace_events for tipc socket 2018-12-19 11:49:24 -08:00
subscr.c
subscr.h
sysctl.c tipc: add trace_events for tipc socket 2018-12-19 11:49:24 -08:00
topsrv.c tipc: fix cancellation of topology subscriptions 2019-03-21 09:09:04 -07:00
topsrv.h
trace.c tipc: remove unneeded semicolon in trace.c 2019-01-17 22:04:43 -08:00
trace.h tipc: add trace_events for tipc bearer 2018-12-19 11:49:25 -08:00
udp_media.c tipc: compare remote and local protocols in tipc_udp_enable() 2018-12-14 13:28:03 -08:00
udp_media.h